"No organization is going to be 100 percent risk free no matter how much you invest in information security. If your systems are connected to the internet there's going to be some risk. You're balancing convenience and accessibility with confidentiality and privacy," he said.

Vieyra says it is similar to your personal computer getting a virus. He says hack and system breaches can happen through e-mails, advertisement and webpages you frequently visit, even without you clicking on something.

"Unfortunately, the sad fact of life on the internet today is that if your system is connected to the internet at some point they will be attacked, and really the only thing that determines whether or not an attacker is successful is the level of resources they have available to them, compared to the resources you have available to defend," explained Vieyra. "There are any number of attacks that we see any given day. The university deals with this constantly and really any organization that has a network that is large or small is being attacked whether they know it or not."

He says the best way to prevent attacks is to use a variety of methods. He says organizations should know what type of information they have and the amount of security needed for various types of information to best protect it.

"The larger the organization the harder it is the keep tabs on where all of your data actually are, and so that's where organizations tend to get into trouble, a server will get compromised that people forgot about," he said.